Merge pull request #194 from r4um/validate-state

Validate state param while redirecting.
2016-01-19 10:21:32 -05:00 · 2016-01-19 10:21:32 -05:00 · d5a332c3f2
commit d5a332c3f2
parent 613a342115 f957a1e435
1 changed files with 1 additions and 1 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 	}

 	redirect := req.Form.Get("state")
-	if redirect == "" {
+	if !strings.HasPrefix(redirect, "/") {
 		redirect = "/"
 	}